ChurchCRM Security Vulnerabilities
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-08-08
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2023-08-08
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-08-08
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-08-08
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-08-08
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-08-08
Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-08-08
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-08-08
Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2023-06-29
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.
CVSS Score: 5.4 | EPSS Score: 0.136 | Published: 2023-05-31

